System for processing queries using an interactive agent server

ABSTRACT

A system for processing queries is disclosed. The system is configured to receive a query from a user, the query comprising a message indicating a request for a service. The system then performs natural language processing on the query, and identifies keywords of the query based on the natural language processing. Based on the identified keywords, the system determines an action and an actionable item from the query. Then, the system generates an acknowledgement request for the query based on the determined action and actionable item, and sends the acknowledgement request to the user. After receiving an acknowledgement from the user on the acknowledgement request, the system sends the determined action and actionable item to an upstream server to request the service.

TECHNICAL FIELD

This disclosure relates generally to processing queries, and moreparticularly to processing queries using an interactive agent server.

BACKGROUND

An enterprise may face many network security issues such as cyber-attackand security breach. Under such circumstances, security vulnerabilitiesin the network may compromise the security of data stored by theenterprise.

If these security issues or other vulnerabilities are not resolved in atimely manner, a backlog of the security issues or vulnerabilities maycause a bottleneck in the network. This will lead to the securityvulnerabilities being exploited. Therefore, it is desirable to find away to efficiently resolve the security issues and other vulnerabilitiesin the network.

SUMMARY

An enterprise may face many network security issues such as securityevents including cyber-attacks, security breaches, etc. For example, amalicious actor may attempt to log into a user account at an IP addressdifferent from where the user usually logs into the user account. Undersuch circumstances, security vulnerabilities in the network maycompromise the security of data stored by the enterprise. The enterprisemay also receive security-related queries (e.g., reset password; requestdatabase access; request URL access) in a large volume from users. Ifthese security events and/or security-related queries are not resolvedin a timely manner, a backlog of the security events and/orsecurity-related queries may cause a bottleneck in the network. Thiswill lead to the security vulnerabilities being exploited. Therefore,these security events and/or security-related queries create a technicalproblem that is inherently rooted in a computer network.

The present application discloses a system which provides a technicalsolution to efficiently resolving the security events and/orsecurity-related queries.

For example, a user may want to request a network-associated servicefrom the system, such as requesting database access for a clouddatabase. Sometimes the user may send a query to the system containingtypos, profanity language, or unintelligible language. The system maydetermine what the user is actually requesting and send anacknowledgement request to request the user to acknowledge that the userwants to access the cloud database.

Specifically, in some embodiments, the disclosed system receives a queryfrom a user. For example, the query may comprise a message indicating arequest for a service. The system then performs natural languageprocessing on the query, and identifies keywords of the query based onthe natural language processing. Based on the identified keywords, thesystem determines an action and an actionable item from the query. Theaction may comprise an operation, a procedure, or a process and theactionable item may comprise an item that is impacted by the action.Then, the system generates an acknowledgement request for the querybased on the determined action and actionable item, and sends theacknowledgement request to the user. The acknowledgement requestrequests the user to acknowledge that the user is requesting theservice. In some embodiments, the acknowledgement request comprises thedetermined action and actionable item. After receiving anacknowledgement from the user on the acknowledgement request, the systemsends the determined action and actionable item to an upstream server torequest the service.

In some embodiments, the system determines whether the receivedacknowledgement comprises profanity, unintelligible language (e.g.,gibberish), and/or non-English language.

If the system determines that the received acknowledgement comprisesprofanity, the system notifies the user that the receivedacknowledgement is ignored because of profanity and that the user isbeing monitored for profanity.

If the system determines that the received acknowledgement comprisesunintelligible language, the system requests the user to send anintelligible acknowledgement.

If the system determines that the received acknowledgement comprisesnon-English language, the system requests the user to send anacknowledgement in English.

As another example, a malicious actor or a user may have attempted toreset a password for a user account at an IP address different fromwhere the user usually logs into the user account. The system may flagthis action as a network security issue by recording a security eventindicating that someone has attempted to reset the password for the useraccount at an unusual IP address. The system may request the user toacknowledge that the user has attempted to reset the password.

Specifically, in some embodiments, the system retrieves a security eventassociated with a user. The security event indicates that the userattempted to perform a security-related action (e.g., access database,reset password). Then, the system generates an acknowledgement requestwhich requests the user to acknowledge that the user has attempted toperform the security-related action.

The disclosed system performs natural language processing on the queryto facilitate resolving the queries in a timely manner. It improves theaccuracy of query interpretation by parsing the query and identifyingkeywords, thereby avoiding misinterpreting the query. Misinterpretingthe query leads to wasted computing time on processing themisinterpreted query and unwanted service to the user. Therefore, thedisclosed system and solution improve the efficiency of queryprocessing, and facilitates conserving computing times and computingresources such as bandwidth and memory. By processing the queries moreefficiently, the system is able to resolve the queries in a timelymanner, thereby avoiding accumulating the queries in the network andresolving the bottleneck in the network.

By performing natural language processing on the queries, the system isproviding an unconventional solution to the previously discussedproblem. Conventional systems do not perform natural language processingon queries. This may result in misinterpretation of the queries, whichleads to wasted computing time on processing the misinterpreted queryand unwanted service to the user.

Furthermore, the disclosed system and solution improves the security ofthe network and the operation of the network itself. As discussedpreviously, the system is able to resolve the queries in a timelymanner, thereby avoiding accumulating the queries in the network andreducing network congestion. This facilitates resolving the bottleneckin the network and increasing the robustness of the network. Forexample, it may restore or improve the bandwidth of the network.Further, bottleneck in the network may cause delay in network securityprotocol's response to security events. Resolving the bottleneck in thenetwork helps reduce the network security protocol's response time tosecurity events, thereby improving the security of the network.

Other technical advantages of the present disclosure will be readilyapparent to one skilled in the art from the following figures,descriptions, and claims. Moreover, while specific advantages have beenenumerated above, various embodiments may include all, some, or none ofthe enumerated advantages.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present disclosure and forfurther features and advantages thereof, reference is now made to thefollowing description taken in conjunction with the accompanyingdrawings, in which:

FIG. 1 illustrates an exemplary embodiment of a system for processingqueries, according to some embodiments of the present disclosure;

FIG. 2 presents a call graph illustrating an exemplary embodiment of amethod of processing queries, according to some embodiments of thepresent disclosure;

FIG. 3 presents a call graph illustrating an exemplary embodiment of amethod of processing queries, according to some embodiments of thepresent disclosure;

FIG. 4A illustrates an exemplary embodiment of a communication between auser and an interactive agent server, according to some embodiments ofthe present disclosure;

FIG. 4B illustrates an exemplary embodiment of another communicationbetween a user and an interactive agent server, according to someembodiments of the present disclosure; and

FIG. 4C illustrates an exemplary embodiment of another communicationbetween a user and an interactive agent server, according to someembodiments of the present disclosure.

DETAILED DESCRIPTION

FIG. 1 illustrates an exemplary embodiment of a system 100 forprocessing queries, according to certain embodiments of the presentdisclosure. System 100 comprises one or more users 110, a securityevents server 120, a messaging interface 140, an interactive agentserver 150, and one or more upstream servers 170. In general, system 100receives a query 180 for a service from a user 110 at interactive agentserver 150 via messaging interface 140, performs natural languageprocessing on the query 180, generates an acknowledgement request 186,and send it to user 110. After user 110 sends back an acknowledgment188, system 100 requests the service from upstream server 170.Alternatively, system 100 may retrieve a security event 125 stored insecurity events server 120, and use interactive agent server 150 toprocess the security event 125.

Users 110 of system 100 may include businesses or other commercialorganizations, government agencies, individuals, or any other suitableusers.

Security events server 120 is configured to maintain security events 125associated with users 110 and messages 124 received from users 110.Security events server 120 may comprise any suitable storage scheme. Forexample, security events server 120 may comprise any software, hardware,firmware, and/or combination thereof capable of storing information.Exemplary security events server 120 comprises individual data storagedevices (e.g., disks, solid-state drives), which may be part ofindividual storage engines and/or may be separate entities coupled tostorage engines within. In some embodiments, security events server 120may store third-party databases, database management systems, a filesystem, and/or other entities that include or that manage datarepositories. Security events server 120 may be locally located orremotely located to other elements of system 100.

In some embodiments as illustrated, security events server 120 includesan interface 121, one or more processors 122, and a memory 123. Securityevents server 120 stores the messages 124 and security events 125 inmemory 123. Messages 124 include any message scheme including, but notlimited to, instant message, text message, video messages, email,voicemail, or fax. In some embodiments as illustrated, security events125 include, but not limited to, privacy events 126 (e.g., resetpassword, access database), asset thefts 127, security incident reports(SIRs) 128, endpoint data loss prevention (eDLP) threat aggregation 129,and distributed denial of service (DDoS) attacks 130.

For example, user 110 may want to reset a password for a user accountusing a computer having an IP address that is different from where user110 usually logs into the user account. Then, system 100 records asecurity event 125 indicating that user 110 has attempted to resetpassword at an unusual IP address, and stores the security event 125 insecurity events server 120.

As another example, user 110 wants to reset password for a user account.User 110 may send a message 124 (e.g., an email) to system 100indicating that user 110 wants to reset password for the user account.System 100 then stores the email 124 in security event server 120.

Messaging interface 140 is configured to support communication betweenusers 110 and interactive agent server 150. Messaging interface 140includes any device operable to receive input, send output, process theinput or output, or perform other suitable operations for system 100.Messaging interface 140 includes any port or connection, real orvirtual, including any suitable hardware or software having protocolconversion and data processing capabilities. In certain embodiments,messaging interface 140 includes a user interface (e.g., physical input,graphical user interface (“GUI”), touchscreen, buttons, switches,transducer, or any other suitable method to receive input from a user).

In some embodiments, messaging interface 140 is configured to supporttext-based communication. In some embodiments, messaging interface 140is configured to support voice-based communication. Yet in otherembodiments, messaging interface 140 is further configured to supportany other appropriate type of communication.

Interactive agent server 150 is configured to handle queries associatedwith users 110. In some embodiments as illustrated, interactive agentserver 150 includes one or more processors 151, a memory 152, and one ormore server components 153. As illustrated, server components 153include, but not limited to, web framework 154, NLP applicationprograming interfaces (APIs) 155, OUTLOOK APIs 156, geographicinformation system (GIS) toolkits 157, scheduler 158, APACHE 159, fullyqualified domain name (FQDN) 160, and streaming server 161.

In some embodiments, web framework 154 of interactive agent server 150is configured to support the development of web applications ofinteractive agent server 150, including web services, web resources, andweb APIs. For example, web framework 154 of interactive agent server 150provides tools and libraries to support web development tasks, includingrouting URLs to appropriate handlers, interacting with databases,supporting sessions and user authorization, formatting output (e.g.,HTML, JSON, XML), and improving security against web attacks.

NLP APIs 155 are configured to analyze, understand, and derive meaningfrom human languages. For example, NLP APIs 155 provide tools andlibraries to perform tasks such as automatic summarization, translation,named entity recognition, relationship extraction, sentiment analysis,speech recognition, and topic segmentation. In some embodiments,interactive agent server 150 receives a query from user 110. Interactiveagent server 150 may perform natural language processing on the queryusing the NLP API 155, and determines an action and an actionable itemfrom the query. In some embodiments, interactive agent server 150receives an email 124 associated with user 110 from security eventsserver 120. Interactive agent server 150 may perform natural languageprocessing on the content of the email using the NLP APIs, and extractsa query from the email based on the natural language processing.

OUTLOOK APIs 156 are configured to support personal informationmanagement. For example, OUTLOOK APIs 156 may include tools andlibraries to support calendar planning, task managing, contact managing,note taking, journal, and web browsing. GIS toolkits 157 provide toolsand libraries to capture, store, manipulate, analyze, manage, andpresent spatial or geographic data (e.g., digital maps and georeferenceddata). Scheduler 158 is configured to coordinate the execution ofdifferent tasks and administrate available sources in interactive agentserver 150. APACHE 159 includes tools and libraries to support secureand efficient web applications and services. FQDN 160 includes anabsolute domain name of interactive agent server 150, and/or absolutedomain names of other elements of system 100. Streaming server 161 isconfigured to support transferring of data at a steady high-speed ratewithin system 100. Streaming server 161 facilitates improving bandwidthsufficiency and reducing time lag in system 100.

Upstream servers 170 are configured to provide service to another server(e.g., interactive agent server 150). In some embodiments asillustrated, upstream servers 170 include, but not limited to, OUTLOOKserver 171, relational database management systems (RDBMS) 172, andthird party servers 173. OUTLOOK server 171 may store user oruser-related information, such as users' web mails, contacts, tasks, andcalendaring services. RDBMS 172 may store personal data, financialrecords, manufacturing and logistical information, and/or otherapplications. Exemplary third party servers 173 include validationserver, internet service provider server, and web server. For example,validation server may validate user identities, and internet providerserver may provide internet service to users 110.

In operation, system 100 may be configured to work in two modes: (1)user initiated work mode; and (2) server initiated work mode.

In the user initiated work mode, a user 110 sends a query 180 tointeractive agent server 150 via messaging interface 140. In someembodiments, the query 180 includes a message indicating a request for aservice associated with the network. For example, the message mayindicate that user 110 wants to reinstate internet access for a privatenetwork. The message may indicate that user 110 wants to decommissiondatabase access for a cloud database. The message may indicate that user110 wants to revoke URL access for a particular website. Interactiveagent server 150 then performs natural language processing (NLP) on thequery 180, and identifies keywords of the query 180. Based on theidentified keywords, interactive agent server 150 determines an action182 and an actionable item 184 from the query 180. In some embodiments,the action 182 includes an operation, a procedure, or a process, and theactionable item 184 includes an item that is impacted by the action 182.Then, interactive agent server 150 generates an acknowledgement request186 for the query 180 based on the determined action 182 and actionableitem 184, and sends the acknowledgement request 186 to user 110. In someembodiment, the acknowledgement request 186 requests user 110 toacknowledge that user 110 is requesting the service. In someembodiments, the acknowledgement request 186 comprises the determinedaction 182 and actionable item 184. After receiving an acknowledgement188 from user 110 on the acknowledgement request 186, interactive agentserver 150 sends the determined action 182 and actionable item 184 to anupstream server 170 to request the service.

In some embodiments, interactive agent server 150 determines whether thereceived acknowledgement 188 comprises profanity, unintelligiblelanguage (e.g., gibberish), and/or non-English language.

In some embodiments, if interactive agent server 150 determines that thereceived acknowledgement 188 comprises profanity, the system 100notifies user 110 that the received acknowledgement 188 is ignoredbecause of profanity and that user 110 is being monitored for profanity.

In some embodiments, if interactive agent server 150 determines that thereceived acknowledgement 188 comprises unintelligible language, thesystem 100 requests user 110 to send an intelligible acknowledgement.

In some embodiments, if interactive agent server 150 determines that thereceived acknowledgement 188 comprises non-English language, the system100 requests user 110 to send an acknowledgement in English.

In the server initiated work mode, security events server 120 retrievesa security event 125 associated with a user 110, and sends securityevent 125 to interactive agent server 150. In some embodiments, thesecurity event 125 indicates that the user 110 attempted to perform asecurity-related action (e.g., reset password). Then, interactive agentserver 150 generates an acknowledgement request 186 which requests theuser 110 to acknowledge that the user 110 has attempted to perform thesecurity-related action.

System 100 may further comprise any other suitable type and/or number ofnetwork devices (not shown). Example of other network devices include,but are not limited to, web clients, web servers, user devices, mobilephones, computers, tablet computers, laptop computers, software as aservice (SaaS) servers, databases, file repositories, file hostingservers, and/or any other suitable type of network device. System 100may be configured as shown or in any other suitable configuration.Modifications, additions, or omissions may be made to system 100. System100 may include more, fewer, or other components. Any suitable componentof system 100 may include a processor, interface, logic, memory, orother suitable element.

A server described in the present disclosure may include hardware,software, or other server(s). A server may execute any suitableoperating system such as IBM's zSeries/Operating System (z/OS), MS-DOS,PC-DOS, MAC-OS, WINDOWS, a .NET environment, UNIX, OpenVMS, or any otherappropriate operating system, including future operating systems. Thefunctions of a server may be performed by any suitable combination ofone or more servers or other elements at one or more locations.

A processor described in the present disclosure may comprise anyelectronic circuitry including, but not limited to, state machines, oneor more central processing unit (CPU) chips, logic units, cores (e.g., amulti-core processor), field-programmable gate array (FPGAs),application specific integrated circuits (ASICs), or digital signalprocessors (DSPs). The processor may be a programmable logic device, amicrocontroller, a microprocessor, or any suitable combination of thepreceding. The processor may include an arithmetic logic unit (ALU) forperforming arithmetic and logic operations, processor registers thatsupply operands to the ALU and store the results of ALU operations, anda control unit that fetches instructions from memory and executes themby directing the coordinated operations of the ALU, registers and othercomponents.

A memory described in the present disclosure may comprise any deviceoperable to store, either permanently or temporarily, data, operationalsoftware, or other information for a processor. In some embodiments, thememory comprises one or more disks, tape drives, or solid-state drives,and may be used as an over-flow data storage device, to store programswhen such programs are selected for execution, and to store instructionsand data that are read during program execution. The memory may compriseany one or a combination of volatile or non-volatile local or remotedevices suitable for storing information. For example, the memory maycomprise random access memory (RAM), read only memory (ROM), magneticstorage devices, optical storage devices, semiconductor storage devices,or any other suitable information storage device or a combination ofthese devices.

An interface described in the present disclosure may comprise any deviceoperable to receive input, send output, process the input or output, orperform other suitable operations for system 100. The interface includesany port or connection, real or virtual, including any suitable hardwareor software, including protocol conversion and data processingcapabilities, to communicate through a network. In certain embodiments,an interface includes a user interface (e.g., physical input, graphicaluser interface (“GUI”), touchscreen, buttons, switches, transducer, orany other suitable method to receive input from a user).

FIG. 2 presents a call graph illustrating an exemplary embodiment of amethod 200 of processing queries 180, according to some embodiments ofthe present disclosure. The following is a non-limiting example thatillustrates how system 100 implements method 200. Method 200 can be bestunderstood with reference to FIGS. 4A, 4B, and 4C.

First, user 110 initiates a conversation with interactive agent server150 by sending a query 180 to interactive agent server 150 (step 202).In some embodiments, the query 180 includes a message indicating arequest for a service. For example, referring to FIG. 4A, user 110 sendsthe message “make reinstat internet access” to interactive agent server150, indicating that user 100 wants to restore internet access. Notethat user 110 has misspelled the word “reinstate” as “reinstat” in themessage.

Interactive agent server 150 receives the message and performs naturallanguage processing on the message (step 204). In some embodiments,interactive agent server 150 may use NLP APIs to parse the sentences inthe message, segment words in the sentences, perform semantic analysison the words, and extract terminologies, etc.

In some embodiments, interactive agent server 150 identifies somekeywords of the message. Specifically, interactive agent server 150 mayfirst perform pre-processing on the sentences in the message. Forexample, interactive agent server 150 may remove words that aren'talphanumeric. Interactive agent server 150 may filter out meaninglesswords and/or phrases such as stop words. Interactive agent server 150may determine negations in the message. Interactive agent server 150 mayfurther correct words that are spelled wrong in the message. Then,interactive agent serve 150 may identify verbs and nouns as keywords inthe message. Interactive agent server 150 may categorize the verbs andnouns, and determine an action 182 and an actionable item 184 (step206). In some embodiments, actions 182 refer to tasks such asoperations, processes, or procedures initiated by interactive agentserve 150. Actionable items 184 provide a selection of things impactedby the actions. Exemplary actions 182 include “revoke,” “reinstate,” and“decommission.” Exemplary actionable items 184 include “internetaccess,” “URL access,” “database access,” and “ID card access.”

For example, interactive agent server 150 performs natural languageprocessing on the message “make reinstat internet access” as illustratedin FIG. 4A. Interactive agent server 150 removes the word “make,”corrects the word “reinstat” to “reinstate,” and determines the word“reinstate” as an action 182 and the term “internet access” as anactionable item 184.

Interactive agent server 150 then generates an acknowledgement request186 for the message (step 208). In some embodiments, interactive agentserver 150 generates the acknowledgement request based on the determinedaction 182 and actionable item 184. As illustrated in FIG. 4A,interactive agent server 150 generates the acknowledgement request 186as “reinstate internet access,” which includes the determined action 182“reinstate” and the determined actionable item 184 “internet access.”Interactive agent server 150 then sends the acknowledgement request 186to user 110 via messaging interface 140 to request user 110 toacknowledge the acknowledgement request 186 (step 210).

Next, user 110 sends an acknowledgement 188 on the acknowledgementrequest 186 to interactive agent server 150 via messaging interface 140(step 212). In some embodiments, interactive agent server 150 receivesthe acknowledgment 188 and determines whether the receivedacknowledgement 188 comprises profanity (step 214). Exemplary profanityincludes bad language, offensive language, crude language, andblasphemous language. Yet in other embodiments, interactive agent server150 further determines whether the received acknowledgement 188comprises unintelligible language (e.g., gibberish), and/or non-Englishlanguage.

In some embodiments, interactive agent server 150 performs naturallanguage processing on the acknowledgment 188 and determines whether theacknowledgement 188 comprises profanity, unintelligible language (e.g.,gibberish), and/or non-English language.

If interactive agent server 150 determines that the receivedacknowledgement 188 comprises profanity, interactive agent server 150notifies the user 110 that the received acknowledgement 188 is ignoredbecause of profanity and that the user 110 is being monitored forprofanity (step 216). For example, as illustrated in FIG. 4A, afterdetermining that the acknowledgement 188 includes profanity, interactiveagent server 150 sends a notification to user 110 informing user 110 ofbeing monitored for profanity violation.

If interactive agent server 150 determines that the receivedacknowledgement 188 comprises unintelligible language (e.g., gibberish),interactive agent server 150 requests the user 110 to send anintelligible acknowledgement. As illustrated in

FIG. 4B, after determining that the acknowledgement 188 containsgibberish, interactive agent server 150 sends a notification to user 110requiring user 100 to send an intelligible acknowledgement.

If interactive agent server 150 determines that the receivedacknowledgement 188 comprises non-English language, interactive agentserver 150 requests the user 110 to resend the acknowledgement 188 inEnglish. As illustrated in FIG. 4C, interactive agent server 150 sends anotification to user 110 to inform the user 110 that the acknowledgement188 contains non-English language and to require user 110 to resend theacknowledgement 188 in English.

If interactive agent server 150 determines that the acknowledgement 188does not contain profanity, unintelligible language, and/or non-Englishlanguage, interactive agent server 150 sends the determined action 182and actionable item 184 to an upstream server 170 (step 220). Forexample, interactive agent server 150 sends the determined action 182“reinstate” and the determined actionable item 184 “internet access” toa third party 176 (e.g., an internet service provider) to restoreinternet access. Note that in some embodiments, interactive agent server150 may further requests upstream server 170 to validate the identity ofuser 110 (step 218).

Upstream server 170 receives the determined action 182 and actionableitem 184 from interactive agent server 150 and fulfills the requestedservice (step 222). For example, third party 176 (e.g., an internetservice provider) receives the action 182 “reinstate” and the actionableitem 184 “internet access” from interactive agent server 150, andrestores internet access for the user 110.

In some embodiments, upstream server 170 further updates the querystatus 190 to the user 110 (step 224). For example, upstream server 170may send a notification to user 110 informing user 110 that internetaccess has been reinstated.

FIG. 3 presents a call graph illustrating an exemplary embodiment of amethod 300 of processing queries 180, according to some embodiments. Thefollowing is a non-limiting example that illustrates how system 100implements method 300.

First, security events server 120 retrieves a security event 125 (step302). For example, user 110 may want to reset a password for a useraccount using a computer having an IP address that is different fromwhere user 110 usually logs into the user account. Security eventsserver 120 records a security event 125 indicating that user 110 hasattempted to reset password at an unusual IP address. In someembodiments, the security event 125 may further indicate that the useraccount has been locked from the user 110.

Alternatively, in some embodiments, security events server 120 retrievesa message 124 (e.g., an email) associated with a user 110 indicatingthat user 110 wants to reset password for a user account.

Then, security events server 120 sends the retrieved security event 125or the retrieved message 124 to interactive agent server 150 (step 304).

Interactive agent server 150 receives the security event 125 sent fromsecurity events server 120, and generate an acknowledgement request 186for the security event 125 (step 306). For example, referring to FIG.4C, after receiving the security event 125 indicating that user 110 hasattempted to reset password at an unusual IP address, interactive agentserver 150 generates an acknowledgement request 186 which requests theuser 110 to acknowledge that the user 110 has attempted to resetpassword.

Alternatively, in some embodiments, interactive agent server 150 mayreceive a message 124 (e.g., an email) from security events server 120.For example, the email 124 may be pertaining to resetting password for auser account. In some embodiments, interactive agent server 150 uses NPLAPIs 155 to perform natural language processing on the email 124 togenerate an acknowledgement request 186.

Next, interactive agent server 150 sends the acknowledgement request 186to user 110 (step 308).

User 110 then sends an acknowledgement 188 on the acknowledgementrequest 186 to interactive agent server 150 via messaging interface 140(step 310).

In some embodiments, interactive agent server 150 receives theacknowledgment 188 and determines whether the received acknowledgement188 comprises profanity (step 312). Yet in other embodiments,interactive agent server 150 further determines whether the receivedacknowledgement 188 comprises unintelligible language (e.g., gibberish),and/or non-English language.

In some embodiments, interactive agent server 150 performs naturallanguage processing on the acknowledgment 188 and determines whether theacknowledgement 188 comprises profanity, unintelligible language (e.g.,gibberish), and/or non-English language.

In some embodiments, if interactive agent server 150 determines that thereceived acknowledgement 188 comprises profanity, interactive agentserver 150 notifies the user 110 that the received acknowledgement 188is ignored because of profanity and that the user 110 is being monitoredfor profanity (step 314). In some embodiments, if interactive agentserver 150 determines that the received acknowledgement 188 comprisesunintelligible language (e.g., gibberish), interactive agent server 150requests the user 110 to send an intelligible acknowledgement. In someembodiments, if interactive agent server 150 determines that thereceived acknowledgement 188 comprises non-English language, interactiveagent server 150 requests the user 110 to resend the acknowledgement 188in English.

If interactive agent server 150 determines that the acknowledgement 188does not contain profanity, unintelligible language, and/or non-Englishlanguage, interactive agent server 150 sends a request for a service toan upstream server 170 (step 318). For example, interactive agent server150 may send a request to RDBMS 174 requiring unlocking user account foruser 110. In some embodiments, interactive agent server 150 may send avalidation request to a third party server 176 (e.g., a validationserver) asking the validation server to validate the identity of user110 (step 316).

Upstream server 170 receives the service request from interactive agentserver 150 and fulfills the requested service (step 320). For example,third party server 176 (e.g., a validation server) validates theidentity of user 110, and RDBMS 174 unlocks the user account for user110.

Upstream server 170 further updates the query status 190 to the user 110(step 322). For example, upstream server 170 may send a notification touser 110 informing user that the user account has been unlocked for user110.

While several embodiments have been provided in the present disclosure,it should be understood that the disclosed systems and methods might beembodied in many other specific forms without departing from the spiritor scope of the present disclosure. The present examples are to beconsidered as illustrative and not restrictive, and the intention is notto be limited to the details given herein. For example, the variouselements or components may be combined or integrated in another systemor certain features may be omitted, or not implemented.

In addition, techniques, systems, subsystems, and methods described andillustrated in the various embodiments as discrete or separate may becombined or integrated with other systems, modules, techniques, ormethods without departing from the scope of the present disclosure.Other items shown or discussed as coupled or directly coupled orcommunicating with each other may be indirectly coupled or communicatingthrough some interface, device, or intermediate component whetherelectrically, mechanically, or otherwise. Other examples of changes,substitutions, and alterations are ascertainable by one skill in the artand could be made without departing from the spirit and scope disclosedherein.

To aid the Patent Office, and any readers of any patent issued on thisapplication in interpreting the claims appended hereto, applicants notethat they do not intend any of the appended claims to invoke 35 U.S.C. §112(f) as it exists on the date of filing hereof unless the words “meansfor” or “step for” are explicitly used in the particular claim.

What is claimed is:
 1. A system for processing queries, comprising: aninteractive agent server configured to support human-machinecommunication; and an upstream server communicatively coupled to theinteractive agent server, the upstream server configured to provideservice to the interactive agent server; wherein the interactive agentserver comprises one or more processors, the one or more processorsoperable to: receive a first query from a first user, the first querycomprising a message indicating a request for a service; perform naturallanguage processing on the first query; identify keywords of the firstquery based on the natural language processing; determine an action andan actionable item from the first query based on the identifiedkeywords, wherein the action comprises an operation, a procedure, or aprocess, wherein the actionable item comprises an item that is impactedby the action; generate an acknowledgement request for the first querybased on the determined action and actionable item, wherein theacknowledgement request requests the first user to acknowledge that thefirst user is requesting the service, wherein the acknowledgementrequest comprises the determined action and actionable item; send theacknowledgement request to the first user; receive an acknowledgement onthe acknowledgement request from the first user; and in response toreceiving the acknowledgement, send the determined action and actionableitem to the upstream server to request the service.
 2. The system ofclaim 1, wherein the upstream server is further configured to: fulfillthe service request; and update a query status to the first user bynotifying the first user that the service request has been fulfilled. 3.The system of claim 1, wherein performing natural language processing onthe first query comprises: performing word correction on the message;identifying stop words in the message; determining negations in themessage; and categorizing words in the message.
 4. The system of claim1, wherein the one or more processors are further operable to: determinewhether the received acknowledgement comprises a profanity; and upondetermining that the received acknowledgement comprises a profanity,notify the first user that the received acknowledgement is ignoredbecause of profanity and that the first user is being monitored forprofanity.
 5. The system of claim 1, wherein the one or more processorsare further operable to: determine whether the received acknowledgementcomprises an unintelligible language; and upon determining that thefirst query comprises an unintelligible language, request the first userto send an intelligible acknowledgement.
 6. The system of claim 1,wherein the one or more processors are further operable to: determinewhether the received acknowledgement comprises a non-English language;and upon determining that the received acknowledgement comprises anon-English language, request the first user to send an acknowledgementin English.
 7. The system of claim 1, wherein: the system furthercomprises a security events server communicatively coupled to theinteractive agent server, the security events server comprising a memoryto store a plurality of security events; and the one or more processorsare further operable to: retrieve a security event from the securityevents server, the security event indicating that a second userattempted to perform a security-related action; generate a secondacknowledgement request based on the security event, the secondacknowledgement request requesting the second user to acknowledge thatthe second user has performed the security-related action; send thesecond acknowledgement request to the second user; and receive a secondacknowledgment on the second acknowledgement request from the seconduser indicating that the second user acknowledges performing thesecurity-related action.
 8. The system of claim 7, wherein the securityevent comprises: a privacy event; an asset theft; a security incidentreport; an endpoint data loss prevention (eDLP) threat segregation; or adistributed denial of service (DDoS) attack.
 9. A non-transitorycomputer-readable medium comprising logic for processing queries, thelogic, when executed by a processor, operable to: receive a first queryfrom a first user, the first query comprising a message indicating arequest for a service; perform natural language processing on the firstquery; identify keywords of the first query based on the naturallanguage processing; determine an action and an actionable item from thefirst query based on the identified keywords, wherein the actioncomprises an operation, a procedure, or a process, wherein theactionable item comprises an item that is impacted by the action;generate an acknowledgement request for the first query based on thedetermined action and actionable item, wherein the acknowledgementrequest requests the first user to acknowledge that the first user isrequesting the service, wherein the acknowledgement request comprisesthe determined action and actionable item; send the acknowledgementrequest to the first user; receive an acknowledgement on theacknowledgement request from the first user; and in response toreceiving the acknowledgement, send the determined action and actionableitem to an upstream server to request the service.
 10. Thenon-transitory computer-readable medium of claim 9, wherein the logic,when executed by a processor, further operable to: fulfill the servicerequest; and update a query status to the first user by notifying thefirst user that the service request has been fulfilled.
 11. Thenon-transitory computer-readable medium of claim 9, wherein performingnatural language processing on the first query comprises: performingword correction on the message; identifying stop words in the message;determining negations in the message; and categorizing words in themessage.
 12. The non-transitory computer-readable medium of claim 9,wherein the logic, when executed by a processor, further operable to:determine whether the received acknowledgement comprises a profanity;and upon determining that the received acknowledgement comprises aprofanity, notify the first user that the received acknowledgement isignored because of profanity and that the first user is being monitoredfor profanity.
 13. The non-transitory computer-readable medium of claim9, wherein the logic, when executed by a processor, further operable to:determine whether the received acknowledgement comprises anunintelligible language; and upon determining that the first querycomprises an unintelligible language, request the first user to send anintelligible acknowledgement.
 14. The non-transitory computer-readablemedium of claim 9, wherein the logic, when executed by a processor,further operable to: determine whether the received acknowledgementcomprises a non-English language; and upon determining that the receivedacknowledgement comprises a non-English language, request the first userto send an acknowledgement in English.
 15. The non-transitorycomputer-readable medium of claim 9, wherein the logic, when executed bya processor, further operable to: retrieve a security event, thesecurity event indicating that a second user attempted to perform asecurity-related action; generate a second acknowledgement request basedon the security event, the second acknowledgement request requesting thesecond user to acknowledge that the second user has performed thesecurity-related action; send the second acknowledgement request to thesecond user; and receive a second acknowledgment on the secondacknowledgement request from the second user indicating that the seconduser acknowledges performing the security-related action.
 16. A methodfor processing queries, comprising: receiving a first query from a firstuser, the first query comprising a message indicating a request for aservice; performing natural language processing on the first query;identifying keywords of the first query based on the natural languageprocessing; determining an action and an actionable item from the firstquery based on the identified keywords, wherein the action comprises anoperation, a procedure, or a process, wherein the actionable itemcomprises an item that is impacted by the action; generating anacknowledgement request for the first query based on the determinedaction and actionable item, wherein the acknowledgement request requeststhe first user to acknowledge that the first user is requesting theservice, wherein the acknowledgement request comprises the determinedaction and actionable item; sending the acknowledgement request to thefirst user; receiving an acknowledgement on the acknowledgement requestfrom the first user; and in response to receiving the acknowledgement,sending the determined action and actionable item to an upstream serverto request the service.
 17. The method of claim 16, wherein the methodfurther comprises: determining whether the received acknowledgementcomprises a profanity; and upon determining that the receivedacknowledgement comprises a profanity, notifying the first user that thereceived acknowledgement is ignored because of profanity and that thefirst user is being monitored for profanity.
 18. The method of claim 16,wherein the method further comprises: determining whether the receivedacknowledgement comprises an unintelligible language; and upondetermining that the first query comprises an unintelligible language,requesting the first user to send an intelligible acknowledgement. 19.The method of claim 16, wherein the method further comprises:determining whether the received acknowledgement comprises a non-Englishlanguage; and upon determining that the received acknowledgementcomprises a non-English language, requesting the first user to send anacknowledgement in English.
 20. The method of claim 16, wherein themethod further comprises: retrieving a security event, the securityevent indicating that a second user attempted to perform asecurity-related action; generating a second acknowledgement requestbased on the security event, the second acknowledgement requestrequesting the second user to acknowledge that the second user hasperformed the security-related action; sending the secondacknowledgement request to the second user; and receiving a secondacknowledgment on the second acknowledgement request from the seconduser indicating that the second user acknowledges performing thesecurity-related action.